Defend, deter and develop: UK's national cyber security strategy
The UK Government has published the National Cyber Security Strategy 2016 to 2021, which sets out the government's plan to make Britain secure and resilient in cyberspace. The new strategy is built on three core pillars: defend, deter and develop, writes Roger Gomm.
As we all know, the systems that underpin our daily lives are connected to the Internet. They range from air traffic control and satellites to power grids, as well as the domestic devices in our pockets, our homes and our cars. While this technology presents huge opportunities for the economy, it also presents a risk. Trust in the Internet and the infrastructure on which it relies is fundamental to our economic future. We need a secure cyberspace, and media reports regularly remind us of the scale of the challenge we face.
Malicious cyber activity knows no international boundaries. State actors are experimenting with offensive cyber capabilities. Cyber criminals are broadening their efforts and expanding their strategic modus operandi to achieve higher value payouts from citizens, organisations and institutions. Terrorists and their sympathisers are conducting low-level attacks and aspire to carry out more significant acts.
In recognition of the risk cyber-attacks pose, the 2015 Strategic Defence and Security Review classified cyber as a Tier One threat to the UK in the risk assessment: that’s the same level as terrorism, or international military conflict.
The government’s aim is that by 2021 the UK is secure and resilient to cyber threats, prosperous and confident in the digital world.
To achieve this aim it has developed the following objectives:
DEFEND: To have the means to defend the UK against evolving cyber threats, to respond effectively to incidents, to ensure UK networks, data and systems are protected and resilient. Citizens, businesses and the public sector have the knowledge and ability to defend themselves.
DETER: The UK will be a hard target for all forms of aggression in cyberspace. This will involve detecting, understanding, investigating and disrupting hostile action, pursuing and prosecuting offenders. The country will have the means to take offensive action in cyberspace, should it choose to do so.
DEVELOP: To have an innovative, growing cyber security industry, underpinned by world-leading scientific research and development. The country will have a self-sustaining pipeline of talent providing the skills to meet its national needs across the public and private sectors. This cutting-edge analysis and expertise will enable the UK to meet and overcome future threats and challenges.
The government states that it will draw on its capabilities and those of industry to develop and apply active cyber defence measures to significantly enhance the levels of cyber security across UK networks. These measures include minimising the most common forms of phishing attacks, filtering known bad IP addresses, and actively blocking malicious online activity. Improvements in basic cyber security will raise resilience to the most commonly deployed cyber threats.
To support the strategy the government recently created a National Cyber Security Centre (NCSC) to be the authority on the UK’s cyber security environment, sharing knowledge, addressing systemic vulnerabilities and providing leadership on key national cyber security issues. The NCSC will be led by CEO Ciaran Martin, formerly director general of government and industry cyber security at intelligence agency GCHQ.
The strategy is available here (PDF format).
Roger Gomm QPM is Advisor, Trainer, Consultant, Associate Lecturer, Cabinet Office Emergency Planning College, UK, and Member of CRJ’s Editorial Advisory Panel.